Cybersecurity Bill Gets Senate Intelligence Committee Blessing

The US Senate Intelligence Committee has approved a bill designed to ‘encourage’ private companies to share data with the American government.

The move comes despite jitters from privacy campaigners, who fear the potential misuse of this data by both the government, and private companies.

Committee Approval

The controversial Cybersecurity Information Sharing Act, otherwise known as CISA, is designed to rework how the US government and private businesses and organisations exchange Internet users’ confidential information.

The bill is raising serious concerns among privacy campaigners, due to its vague language and a range of privacy and Internet freedom issues. They fear it could, in fact, broaden the data collecting powers of the NSA and similair agencies.

In a nutshell, the CISA bill is designed to facilitate the flow of ‘cyber threat’ information between private companies, such as Google, Verizon and Microsoft, and government agencies, such as the FBI or even the NSA. The bill greatly reduces the current limitations on corporate and government collaboration. Some say it reconstitutes the American government’s policies towards the Internet with regards to Fourth Amendment rights.

Therefore if it passes into law, it could have a major impact on areas including privacy, corporate liability, freedom of information and national security. But the lawmakers argue that it is the best way to encourage more co-operation between the government and private companies, in an effort to strengthen the overall cyber defences of American organisations.

The bill has now been approved by the US Senate Intelligence Committee, in a 12-3 vote. It is authored by the committee’s chairwoman, Dianne Feinstein, a Democrat, and Vice Chairman Saxby Chambliss, a Republican.

“Cyber attacks present the greatest threat to our national and economic security today, and the magnitude of the threat is growing,” Feinstein told Reuters. “This bill is an important step toward curbing these dangerous cyber attacks.”

The CISA bill must be approved by the full Senate, but it has bipartisan support so is likely to get enough support. It also needs to be reconciled with similar legislation that passed the House of Representatives in April.

The bill apparently authorises companies and individuals to monitor their own and consenting customers’ networks for hacking. They can then voluntarily share cyber threat data, without any personally identifiable information, with the government and each other for cybersecurity purposes.

And CISA is a two way street, as the US government would also be required to increase the amount of information it shares with private firms.

Privacy Concerns

The bill is being opposed by privacy campaigners. “A new cybersecurity bill poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws,” said the American Civil Liberties Union.

“The bill would create a massive loophole in our existing privacy laws by allowing the government to ask companies for ‘voluntary’ cooperation in sharing information, including the content of our communications, for cybersecurity purposes,” it added. “But the definition they are using for the so-called “cybersecurity information” is so broad it could sweep up huge amounts of innocent Americans’ personal data.”

The bill is also opposed by the Electronic Frontier Foundation. “It’s the fourth time in four years that Congress has tried to pass ‘cybersecurity’ legislation. Unfortunately, the newest Senate bill is one of the worst yet,” it said.

“Cybersecurity bills aim to facilitate information sharing between companies and the government, but they always seem to come with broad immunity clauses for companies, vague definitions, and aggressive spying powers. This fatally flawed bill must be stopped.”

Are you a pedant on privacy? Try our quiz!